Organizing Managed Google Play apps with collections

This week is all about a smaller newly introduced feature regarding Android Enterprise. A feature that helps with organizing the Managed Google Play apps within the Managed Google Play store. When structure and details are important, this is that sweet little detail that makes it perfect. Starting with the latest service release of Microsoft Intune (service release 2211), there is now support for organizing apps within the Managed Google Play store by using collections. Collections are shown on the front page of the Managed Google Play store and provide users with easy access to the required apps. Collections can be used to organize apps in different categories. Custom categories. It’s completely up to the IT administrator to create collections, to name collections, to add apps …

Read more

Informing users with organizational messages

This week is all about the latest addition to Microsoft Intune and that is organizational messages. Organizational messages enable organizations to send important messages to their users. That might sound similar to an already existing feature that would allow organizations to send custom notifications. There are, however, some major differences. One of the major challenges with custom notifications is that Microsoft Intune can’t guarantee the delivery of the message. Besides that, it’s only available for Android and iOS. That all changes with organizational messages. Minor detail, however, is that organizational messages rely on Windows 11. Besides that, it provides organizations with a new channel to communicate important messages to users. Important messages that can help users with a better understanding of their workplace, stay informed …

Read more

Getting started with compliance for Linux devices

This week is about a totally different platform as the last few months. This week is all about Linux devices. A few years ago, I wrote this post about supporting the unsupported platforms. This post will describe a solution that will address the biggest part of that challenge, as it will enable the compliance of Linux devices. All powered by the enrollment in Microsoft Intune. That enables organizations to require Linux devices to be compliant and enable users to be productive. Even on Linux devices. Besides that, it’s good to keep in mind that, at this point in time, it’s really only about device compliance. Configuring Linux devices is not part of the currently available functionalities. This post will describe the minor details about the …

Read more

Simplifying the management and configuration of your favorite browser

This week is all about simplifying the management and configuration of your favorite browsers, by using Microsoft Intune. That’s definitely not the sexiest subject, but it’s important to be familiar with the easy options that are available nowadays. With the latest additions to Microsoft Intune, the management and configuration of the different browsers became more of a native functionality. Native functionality was already available for Microsoft Edge, and recently became available for Google Chrome. And now, with the recent addition of importing third-party administrative templates, it became available for every browser that could be easily managed within an on-premises environment, by using Group Policies. Besides that, there are even alternatives when really needed. This post will provide an overview of the different options for managing …

Read more

Excluding Azure file shares from Conditional Access policies requiring MFA

This week is another short follow-up on the last couple of weeks. While the last couple of weeks were all about configuring the authentication on Azure file shares and on mapping Azure file shares, this week is all about the exclusion for multi-factor authentication (MFA). During the initial post, about using Azure AD Kerberos authentication for Azure file shares, it was mentioned that Azure AD Kerberos doesn’t support using MFA for accessing Azure file shares. The steps to prevent that, just weren’t described. And based on comments and feedback, it’s good to still walk through the steps for configuring that exclusion. This post will briefly discus the challenge, followed with the steps to create the exclusion for Azure file shares. This post will end with the …

Read more

Mapping Azure file shares on Windows devices

This week is a short follow-up on last week. While last week was all about configuring the authentication on Azure file shares, with the best user experience, this week is about automatically mapping those Azure file shares, for an even better user experience, on Windows devices. And to be really honest, that doesn’t really differ from mapping any other network drive. That doesn’t mean that it’s not a good moment to walk through the options for mapping (Azure) file shares. This post will briefly discuss the main different configuration options, followed with the steps to actually easily configure network mappings. That will be achieved by using the easiest most straight forward option, followed with the user experience. Note: When the authentication for the Azure file …

Read more

Configuring Azure AD Kerberos authentication on Azure file shares for Windows devices

This week is more Windows. More capabilities for creating a better user experience. This week the focus will be on Azure file shares and the relatively new Azure AD Kerberos authentication option, that can be configured on Windows devices by relying on Microsoft Intune. Azure Files supports the identity-based authentication over SMB, using Kerberos authentication. In preview, that now includes the ability to enable and configure Azure AD for authenticating hybrid identities. That allows users with a hybrid identity, to access Azure file shares using Kerberos authentication. That configuration relies on Azure AD to issue the required Kerberos tickets, to access Azure file shares using the SMB protocol. That basically means that users can access Azure file shares over the Internet, without requiring a line-of-sight …

Read more

Registering devices with the Windows Autopatch service

This week is all about the relatively new Windows Autopatch. Windows Autopatch is a cloud service provided, by Microsoft, that automates the update process for Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams. The steps to get started with Windows Autopatch are pretty straight forward, especially with the latest adjustments of how the service interacts with the tenant. Those adjustments improve the security posture of the service, by relying on application-only authentication, and further simplifies the enrollment process of the tenant. Together that makes the enrollment pretty straight forward. That’s also why this post simply assumes that the onboarding is successfully performed. Once the tenant is enrolled to the Windows Autopatch service, the next main action is the registration of the devices …

Read more

Using Microsoft Defender for Endpoint on Android for protecting the personal profile

This week another post about Microsoft Defender functionality, but on a completely different platform. This week is all about using Microsoft Defender for Endpoint, on Android devices, for protecting the personal profile. And for now, specifically focused on personally owned devices. That protection functionality is focused on providing users with the same level of protection in their personal profile, as provided in their work profile. It provides users – within their personal profile – with malware scanning on user-installed apps, protection from malicious URLs, network protection, and privacy controls. That provides users with better protection and organizations with more control on which devices are allowed to have access to company data. This post will mainly focus on the configuration of that additional protection of the …

Read more

Working with enhanced phishing protection in Microsoft Defender SmartScreen

This week is all about a new security feature that is part of Microsoft Defender SmartScreen and that was introduced with Windows 11, version 22H2. That feature is enhanced phishing protection. Enhanced phishing protection helps with protecting work accounts against phishing and unsafe usage on sites and apps. It works alongside existing Windows security features and alerts about typed work passwords in any Chromium browser, warns about reused work passwords on sites and apps, and warns when storing plaintext work passwords in Notepad, Word, or any Microsoft 365 Office app. That makes enhanced phishing protection an important addition to the Microsoft Defender SmartScreen security functionalities. This post will go through the available settings, the easy configuration, and the user experience with the enabled notifications. Note: …

Read more